
Warning: Phishing Attacks Are Abusing the Kuse AI App

Attackers are abusing the storage and sharing features of Kuse, a free AI app, to assist in phishing campaigns, according to researchers at Trend Micro. Kuse is a legitimate agentic AI platform used by employees to streamline workflows. Users can share files with coworkers, which generates a link hosted on Kuse's domain. In this case, attackers are abusing the share feature to generate legitimate-looking phishing links that inherit the trust of that domain.

OpenAI's Fotis Chantzis on why identity protocols weren't designed for agents

Zero-Shot Learning is a podcast for AI builders, hosted by Nancy Wang, Chief Technology Officer at 1Password, and Dev Tagare, Senior Director and Head of Engineering for Gemini Enterprise & Business at Google. Together, they’ve built and scaled AI systems at the infrastructure and product layers and bring a builder's perspective to every conversation.

When humans are a minority, IAM requires a rethink

In a typical enterprise, non-human identities (NHIs) are thought to outnumber human users by at least 50:1. NHIs are various and include: It is estimated that the NHI: human ratio may have leapt to 144:1 as more AI agents were deployed over the last year. CISOs are already alive to the risks posed by orphaned accounts on their systems. They know that automated rotation is required to revoke privileges as soon as NHIs complete tasks.

Grid by LimaCharlie is now in beta: Agentic SecOps for the stack you have

Grid is LimaCharlie's agentic AI layer for security teams that want AI operations running across their existing stack right now. Security providers and SOCs need access to AI capabilities without waiting for a migration window, a contract renewal, or a vendor to ship the features they need. Every major security vendor is offering some version of AI. CrowdStrike has Charlotte AI. SentinelOne has Purple AI. Microsoft has Copilot for Security.

Agents need boundaries with Fotis Chantzis from OpenAI, Zero-Shot Learning

Agents don't fit old identity models. As OpenAI's Agent Security Lead, Fotis Chantzis has a front-row seat to how agents push identity systems beyond what they were built to control. That's where things start to fall apart and where most teams lose control.

Why Legacy DLP Fails Against Agentic AI

Security teams that deployed legacy DLP years ago built something real. The rules fire. The alerts go out. Compliance boxes get checked. The problem is not that those programs stopped working. It is that the threat moved, and the architecture did not. Agentic AI has introduced a class of data movement that legacy DLP was never designed to govern: autonomous, continuous, multi-step, and operating at machine speed across systems that static rules cannot enumerate in advance.

AI-Driven Cyber Warfare Reshapes Global Defense Readiness

This article was originally published in TechRadar Pro. The Iran conflict is serving as an AI testbed for the next era of cyber conflict. Most organizations are watching the tactics and impact unfold with cybersecurity defenses that are simply not prepared for this level of sophistication. Meanwhile, technology leaders are seeing AI as both their biggest opportunity and a major new attack vector.

What 500+ Industry Experts Told Us About Securing Autonomous AI: A Policy Roadmap

When the US Center for AI Standards and Innovation (CAISI) asked for public input on securing agentic AI systems, the response was massive: over 500 detailed submissions from Fortune 500 companies, defense contractors, AI startups, and cybersecurity firms. The result is substantial insight into how industry views the regulatory challenges of autonomous AI agents and what they think policymakers should do about it.

What Is MCP Security? 9 Things Every CISO Needs to Know

Your AI agents had a productive day. Nobody can tell you what data they touched. A developer opens Cursor and connects it to a GitHub MCP server and a Postgres MCP server. The agent reads the repo to understand a schema change, finds an AWS access key in a config file, and uses it to run a migration against staging. The key now lives in the agent's context, in the Postgres query log, in the chat history, and in whatever artifact the developer copies out. No alert fired. No policy triggered.
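The scenario above fails at the point where a tool result enters the agent's context unchecked. One place to put a control is a gate between the MCP server's `tools/call` response and the model: scan each text block for known credential formats, redact in place, and emit an audit finding. The code below is an added example written for this page; it is not from the article, from Cursor, or from any MCP SDK. The tool-result payload is constructed for the example (the `result.content` list of `{"type": "text", ...}` blocks follows the MCP tool-result shape, but the values are invented), and the credential values are the public AWS documentation placeholders, not real keys.

```python
"""Gate MCP tool results for leaked credentials before they reach the model.

Added example, not part of the original article or any MCP implementation.
It scans a tools/call response for publicly documented credential formats,
redacts them, and returns audit findings so a leak becomes an alert.
"""
from __future__ import annotations

import copy
import re
from dataclasses import dataclass

# Publicly documented credential formats. The AWS secret-key pattern is keyed
# on the config field name so an arbitrary 40-char string elsewhere is ignored.
SECRET_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "aws_secret_access_key": re.compile(
        r"(?i)(aws_secret_access_key\s*[=:]\s*)([A-Za-z0-9/+=]{40})"),
    "github_pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "private_key_block": re.compile(
        r"-----BEGIN (?:RSA |EC |OPENSSH |DSA )?PRIVATE KEY-----"
        r"[\s\S]*?-----END (?:RSA |EC |OPENSSH |DSA )?PRIVATE KEY-----"),
}

# Constructed sample tools/call response (values are AWS documentation
# placeholders, not live credentials).
SAMPLE_TOOL_RESULT = {
    "jsonrpc": "2.0",
    "id": 7,
    "result": {
        "content": [
            {"type": "text",
             "text": "[default]\n"
                     "aws_access_key_id = AKIAEXAMPLEKEY123456\n"
                     "aws_secret_access_key = "
                     "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY\n"},
            {"type": "text", "text": "region = us-east-1\n"},
        ]
    },
}


@dataclass
class Finding:
    kind: str
    block_index: int
    preview: str  # first 8 chars only; the audit record must not leak the secret


def redact_text(text: str, block_index: int, findings: list[Finding]) -> str:
    """Replace every credential match in `text`, appending a Finding per hit."""
    for kind, pattern in SECRET_PATTERNS.items():
        def _sub(m: re.Match, kind: str = kind) -> str:
            if m.re.groups == 2:          # context-keyed pattern: keep the field name
                prefix, secret = m.group(1), m.group(2)
            else:
                prefix, secret = "", m.group(0)
            findings.append(Finding(kind, block_index, secret[:8] + "..."))
            return f"{prefix}[REDACTED:{kind}]"
        text = pattern.sub(_sub, text)
    return text


def gate_tool_result(message: dict) -> tuple[dict, list[Finding]]:
    """Return a redacted deep copy of a tools/call response plus findings.

    The original message is left untouched so it can still be logged to a
    restricted audit store if policy requires; only the copy goes to the model.
    """
    findings: list[Finding] = []
    cleaned = copy.deepcopy(message)
    for i, block in enumerate(cleaned.get("result", {}).get("content", [])):
        if block.get("type") == "text":
            block["text"] = redact_text(block["text"], i, findings)
    return cleaned, findings


if __name__ == "__main__":
    cleaned, findings = gate_tool_result(SAMPLE_TOOL_RESULT)
    for f in findings:
        print(f"ALERT kind={f.kind} block={f.block_index} preview={f.preview}")
    print(cleaned["result"]["content"][0]["text"])
```

The gate sits on the client side of the MCP transport, so it also covers the downstream copies the paragraph lists: what the model never sees cannot land in chat history or in a pasted artifact. It does not help with copies the server itself makes (a Postgres query log), which is why the finding should also drive key rotation rather than only redaction.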

Forward Predict: Know the Impact of Your Network Changes Before You Push

What if your team could know exactly what a network change would do before it touched production, not a best guess, not built on incomplete data, but a mathematically verified outcome drawn from an accurate model of your actual network? That is what Forward Predict delivers.